Bump undici, hardhat and @nomicfoundation/hardhat-verify

[dependabot]

Bumps undici to 6.23.0 and updates ancestor dependencies undici, hardhat and @nomicfoundation/hardhat-verify. These dependencies need to be updated together.

Updates undici from 5.28.4 to 6.23.0

Release notes

Sourced from undici's releases.

v6.23.0

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

Full Changelog: nodejs/undici@v6.22.0...v6.23.0

v6.22.0

What's Changed

• fix: fix wrong stream canceled up after cloning (v6) by @​snyamathi in nodejs/undici#4414
• [Backport v6.x] fix: fix EnvHttpProxyAgent for the Node.js bundle by @​github-actions[bot] in nodejs/undici#4432
• feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180) by @​metcoder95 in nodejs/undici#4433
• feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#4180) (#4340) by @​metcoder95 in nodejs/undici#4445
• Backport 4472 to v6.x by @​Uzlopak in nodejs/undici#4480

Full Changelog: nodejs/undici@v6.21.3...v6.22.0

v6.21.3

What's Changed

• [Backport v6.x] append crlf to formdata body by @​github-actions in nodejs/undici#4210

Full Changelog: nodejs/undici@v6.21.2...v6.21.3

v6.21.2

What's Changed

• fix(types): add missing DNS interceptor by @​slagiewka in nodejs/undici#4024
• [v6.x] fix wpts on windows by @​mcollina in nodejs/undici#4093
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

New Contributors

• @​slagiewka made their first contribution in nodejs/undici#4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

• fix(#3736): back-port 183f8e9 to v6.x by @​ggoodman in nodejs/undici#3855
• fix(#3817): send servername for SNI on TLS (#3821) [backport] by @​metcoder95 in nodejs/undici#3864
• fix: sending formdata bodies with http2 (#3863) [backport] by @​metcoder95 in nodejs/undici#3866
• [Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @​github-actions in nodejs/undici#3877
• types: [backport] Update return type of RetryCallback (#3851) by @​metcoder95 in nodejs/undici#3876

... (truncated)

Commits

• fbc31e2 Bumped v6.23.0
• 3477c94 chore: release flow using provenance
• d3aafea fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
• f9c9185 Bumped v6.22.0
• f670f2a feat: make UndiciErrors reliable to instanceof (#4472) (#4480)
• 422e397 feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#41...
• 4a06ffe feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180)...
• 4cb3974 fix: fix EnvHttpProxyAgent for the Node.js bundle (#4064) (#4432)
• 44c23e5 fix: fix wrong stream canceled up after cloning (v6) (#4414)
• da0e823 Bumped v6.21.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates hardhat from 2.22.2 to 3.1.4

Release notes

Sourced from hardhat's releases.

Hardhat v3.1.4

This release fixes code coverage calculation and adds HTML coverage report.

Patch Changes

• d7c13fa: Fixes a bug in how code coverage for Solidity tests is calculated (7767).
• b6a9d5a: Hardhat tries to use the latest Solidity version supported by Slang in case the a newer, unsupported version is selected (7846).
• 268acbf: Added HTML coverage report for solidity tests (7787).

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

Hardhat v3.1.3

This release adds support for Solidity 0.8.31+ for ARM Linux and integrates the Mocha test runner with the unified test output.

Patch Changes

• 12d7468: Add mocha results to test summary numbers (#7791)
• 25155b5: Add support for the official builds of solc for ARM64 Linux (#7752)
• 065df38: Bumped EDR version to 0.12.0-next.22.
  • NomicFoundation/edr@b5a7b75: Added an API that reports the latest supported Solidity version for source instrumentation
• 5abcee6: Use Osaka as the default EVM target for solc 0.8.31+ and increase the gas limit per EIP-7935. Thanks @​Amxx! (#7813)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

Hardhat v3.1.2

This release adds support for Solidity 0.8.32 and 0.8.33.

Patch Changes

• e6ddffc: Bumped EDR version to 0.12.0-next.21.
  • NomicFoundation/edr@34e1ab4: Updated base mainnet eip1559 parameters after SystemConfig update on 2025-12-18
  • NomicFoundation/edr@2272bc0: Fixed excess_blob_gas calculation after Osaka
  • NomicFoundation/edr@44e779c: Added function-level configuration overrides for Solidity tests
  • NomicFoundation/edr@b5ad15c: Added support for instrumentation of Solidity 0.8.32 and 0.8.33

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

Hardhat v3.1.1

This release adds support for Solidity 0.8.31.

Changes

• b3bde25: Disable test summary when mocha is included in runners (#7781)
• 88fcf8b: Bumped EDR version to 0.12.0-next.19.

... (truncated)

Changelog

Sourced from hardhat's changelog.

3.1.4

Patch Changes

• d7c13fa: Fixes a bug in how code coverage for Solidity tests is calculated (7767).
• b6a9d5a: Hardhat tries to use the latest Solidity version supported by Slang in case the a newer, unsupported version is selected (7846).
• 268acbf: Added HTML coverage report for solidity tests (7787).

3.1.3

Patch Changes

• 12d7468: Add mocha results to test summary numbers (#7791)
• 25155b5: Add support for the official builds of solc for ARM64 Linux (#7752)
• 065df38: Bumped EDR version to 0.12.0-next.22.
  • NomicFoundation/edr@b5a7b75: Added an API that reports the latest supported Solidity version for source instrumentation
• 5abcee6: Use Osaka as the default EVM target for solc 0.8.31+ and increase the gas limit per EIP-7935. Thanks @​Amxx! (#7813)

3.1.2

Patch Changes

• 3575a52: Bumped EDR version to 0.12.0-next.21.

  Minor Changes

  • NomicFoundation/edr@44e779c: Added function-level configuration overrides for Solidity tests

  Patch Changes

  • NomicFoundation/edr@b5ad15c: Added support for instrumentation of Solidity 0.8.32 and 0.8.33

• fd70728: Bumped EDR version to 0.12.0-next.20.

  Patch Changes

  • NomicFoundation/edr@34e1ab4: Updated base mainnet eip1559 parameters after SystemConfig update on 2025-12-18
  • NomicFoundation/edr@2272bc0: Fixed excess_blob_gas calculation after Osaka

3.1.1

Patch Changes

• b3bde25: Disable test summary when mocha is included in runners (#7781)

• 88fcf8b: Bumped EDR version to 0.12.0-next.19.

  • faef065: Added support for EIP-7892 (Blob Parameter Only hardforks)

3.1.0

... (truncated)

Commits

• e0062d8 Version Packages
• 26e4d4b Merge pull request #7787 from NomicFoundation/add-html-coverage-report
• b6a9d5a Solidity version for code coverage limited by the latest version supported by...
• cc2954d Merge pull request #7767 from NomicFoundation/coverage-fix
• b92f419 Fix typo
• 18b0246 fix spelling error
• 34d5f8f add debug function for statements
• e8786b9 rename variables and functions
• 8b1ecf6 reduce comment lines at ~80 chars
• 11b0be7 avoid calling charMustBeIgnored in second loop
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for hardhat since your current version.

Updates @nomicfoundation/hardhat-verify from 2.0.5 to 3.0.8

Release notes

Sourced from @​nomicfoundation/hardhat-verify's releases.

@​nomicfoundation/hardhat-verify@​3.0.7

Added automatic support for all the chains officially supported by Etherscan, Blockscout, and Sourcify. No custom chain configuration is needed for those chains now.

Changes

• 29acf32: Added fallback for chains not included in chain descriptors (#7657)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.6

This release adds Sourcify support to hardhat-verify.

Changed

• 6307578: Added support for verifying contracts via Sourcify, thanks @​manuelwedler (#6885).

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.5

What's Changed

• Updated installation instructions to use defineConfig
• Etherscan api url fix by @​schaable in NomicFoundation/hardhat#7649

@​nomicfoundation/hardhat-verify@​3.0.4

This release is a small bug fix to better support custom chain descriptors where the apiUrl is specified.

Changes

• cbcb5ce: Fixed hardhat-verify by using apiUrl from etherscanConfig for verification, thanks @​Romsters (#7509)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.3

This release is a small bug fix release that resolves an issue when verifying contracts imported from npm modules.

Changes

• d25eec4: Fixed a bug that prevented verification of contracts imported from npm modules (#7442)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.1

... (truncated)

Changelog

Sourced from @​nomicfoundation/hardhat-verify's changelog.

3.0.8

Patch Changes

• 0635271: Fix Etherscan verification retry with full compiler input, thanks @​SyedAsadKazmi! (#7577)

3.0.7

Patch Changes

• 29acf32: Added fallback for chains not included in chain descriptors (#7657)

3.0.6

Patch Changes

• 6307578: Added support for verifying contracts via Sourcify, thanks @​manuelwedler (#6885).

3.0.5

Patch Changes

• d45234d: Fixed Etherscan verification failures by removing hardcoded v1 API URLs from chain descriptors (#7623). Also enhanced config resolution to support partial overrides in block explorer configurations for future extensibility.
• 558ac5b: Update installation and config instructions

3.0.4

Patch Changes

• cbcb5ce: Fixed hardhat-verify by using apiUrl from etherscanConfig for verification (#7509)

3.0.3

Patch Changes

• d25eec4: Fixed a bug that prevented verification of contracts imported from npm modules (#7442)

3.0.2

Patch Changes

• a475780: Added automatic proxy detection for hardhat-verify and fixed case-insensitive proxy environment variables for network requests (#7407)

3.0.1

Patch Changes

• 0016b57: Fix ContractInformationResolver to use optional chaining when accessing compiler output contracts to prevent potential TypeError (#7291)

3.0.0

... (truncated)

Commits

• 5eb8a29 update ignition dependencies
• 6ed6f19 Merge pull request #7577 from SyedAsadKazmi/fix-hardhat-verify
• dbd9e34 Add tests for detailed error messages
• 85256c3 Version Packages
• b9708e6 feat: add logs to getSupportedChains
• b42a498 test: add tests for resolveConfig and getSupportedChains
• ea0fb27 feat: add caching to getSupportedChains
• 1ce0aa5 fix: blockscout url
• f021296 refactor: remove unused function
• 636d7bf feat: fallback to verification provider chainlist when chain descriptor is no...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​nomicfoundation/hardhat-verify since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.